A proxy node protects at least one edge node in a network of nodes. The proxy node includes a communications module for communicatively coupling the proxy node with the edge node so that all communications to and from that edge node go through the proxy node. The proxy node also has at least one isolated area that is associated with the at least one edge node. The isolated area stores application software for the associated edge node.
Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A proxy node for protecting at least one edge node in a network of nodes, the proxy node comprising: a memory to maintain at least one isolated area to store edge node application software that permits the proxy node to perform one or more edge node functions; communications circuitry to selectively control communications with the edge node; processing circuitry to: determine that an update for the edge node is available; increase a reboot frequency of the isolated area for the edge node when an update is required; install the update for the edge node in an isolated area for the edge node; determine that the update is installed successfully; and decrease the reboot frequency of the isolated area for the edge node, wherein the isolated area for the edge node is functionally isolated from other isolated areas in the memory.
In network systems, edge nodes perform critical functions but are vulnerable to security risks and failures during updates. This invention describes a proxy node that enhances security and reliability by managing updates for edge nodes. The proxy node includes a memory with isolated areas, each storing application software for a specific edge node, allowing the proxy node to perform edge node functions while keeping the edge node itself protected. The proxy node controls communications with the edge node and handles updates in a controlled manner. When an update is available, the proxy node increases the reboot frequency of the isolated area for the edge node to ensure the update is applied in a secure environment. After the update is installed successfully, the reboot frequency is decreased. The isolated areas in the memory are functionally isolated from each other, preventing cross-contamination between different edge node environments. This approach reduces the risk of failures during updates and improves the overall security and reliability of edge node operations.
2. The proxy node of claim 1, wherein the memory comprises a plurality of isolated areas, each isolated area associated with one or more edge nodes of a same type.
A proxy node in a distributed computing system manages communication between edge nodes and a central server. The proxy node includes a memory with multiple isolated storage areas, where each isolated area is dedicated to one or more edge nodes of the same type. This isolation ensures that data and operations for different types of edge nodes are segregated, preventing interference and improving security. The proxy node also includes a processor that processes requests from edge nodes, forwards them to the central server, and relays responses back to the edge nodes. The isolated memory areas allow the proxy node to handle different types of edge nodes efficiently, such as sensors, actuators, or gateways, without mixing their data or processing logic. This design enhances system reliability and security by ensuring that edge nodes of different types operate independently within their designated memory spaces. The proxy node may also include network interfaces for communication with edge nodes and the central server, ensuring seamless data exchange. The isolated memory areas can be dynamically allocated or reconfigured based on the types of edge nodes connected to the proxy node, allowing for flexible system scaling. This approach is particularly useful in industrial IoT, smart cities, or other distributed systems where different edge devices require specialized handling.
3. The proxy node of claim 1, wherein the isolated area for the edge node is dynamically linked to a communications module at the edge node.
This invention relates to network communication systems, specifically improving connectivity and security for edge nodes in distributed networks. The problem addressed is ensuring reliable and secure communication between edge nodes and central systems, particularly in environments where direct connections may be unstable or vulnerable to attacks. The system includes a proxy node that acts as an intermediary between edge nodes and a central network. The proxy node manages communication channels and enforces security policies. A key feature is the creation of an isolated area within the proxy node for each edge node, ensuring that data from different edge nodes is segregated to prevent unauthorized access or interference. This isolation enhances security by limiting the exposure of edge nodes to potential threats from other nodes or the broader network. The isolated area for an edge node is dynamically linked to a communications module at the edge node. This dynamic linking allows for flexible and adaptive communication paths, adjusting based on network conditions, security requirements, or operational needs. The communications module at the edge node handles data transmission and reception, while the proxy node's isolated area ensures that the data is processed and routed securely. This dynamic linkage enables real-time adjustments to communication parameters, such as bandwidth allocation or encryption protocols, to optimize performance and security. The system is particularly useful in industrial IoT, smart grids, or other distributed environments where edge nodes must maintain secure and reliable connections to central systems while operating in potentially hostile or unstable network conditions.
4. The proxy node of claim 1, wherein the isolated area for the edge node includes a virtual machine, a container, a sandbox, a physical partition, or a separate device.
This invention relates to a proxy node system designed to enhance security and isolation for edge computing environments. The system addresses the challenge of securely managing edge nodes, which are often deployed in untrusted or vulnerable locations, by providing a proxy node that acts as an intermediary between the edge node and a central network. The proxy node enforces security policies, monitors traffic, and isolates the edge node to prevent unauthorized access or attacks. The isolated area for the edge node can be implemented using various techniques, including a virtual machine, a container, a sandbox, a physical partition, or a separate device. These isolation methods ensure that the edge node operates in a controlled environment, reducing the risk of compromise. The proxy node also manages communication between the edge node and the central network, applying encryption, authentication, and access control measures to protect data in transit. Additionally, the system may include monitoring and logging capabilities to detect and respond to security threats in real time. By using a proxy node with configurable isolation methods, the system provides a flexible and secure way to deploy edge computing resources in diverse environments while maintaining strong security controls. This approach is particularly useful in scenarios where edge nodes must operate in remote or high-risk locations, such as industrial IoT, smart cities, or military applications. The system ensures that edge nodes remain secure and compliant with organizational security policies, even when deployed in challenging conditions.
5. The proxy node of claim 1, wherein the update is an update of edge node application software for the edge node.
Edge computing systems deploy applications across distributed edge nodes to reduce latency and improve performance. However, updating application software across numerous edge nodes presents challenges, including ensuring consistency, minimizing downtime, and managing network bandwidth. Existing solutions often rely on centralized management, which can introduce delays and inefficiencies. This invention addresses these issues by introducing a proxy node that facilitates software updates for edge nodes. The proxy node acts as an intermediary between a central management system and the edge nodes, coordinating the distribution and installation of updates. Specifically, the proxy node receives update instructions from the central system, validates the updates, and then distributes them to the target edge nodes. The proxy node also monitors the update process, ensuring successful deployment and reporting any failures back to the central system. In one embodiment, the proxy node is configured to handle updates for edge node application software. This includes verifying the integrity of the software packages, managing dependencies, and ensuring compatibility with the target edge nodes. The proxy node may also prioritize updates based on factors such as node criticality, network conditions, or update urgency. By offloading these tasks from the central system, the proxy node reduces the load on the central infrastructure and improves the efficiency of the update process. The invention enhances the reliability and scalability of edge computing environments by decentralizing update management, reducing latency, and minimizing disruptions to edge node operations.
6. The proxy node of claim 1, wherein the processing circuitry is configured to: reboot one or both of the edge node and the proxy node following installation of the update.
This invention relates to a proxy node in a distributed computing system, particularly for managing updates to edge nodes. The system addresses the challenge of ensuring reliable and secure deployment of software updates to edge nodes, which are often resource-constrained and may be geographically dispersed. The proxy node acts as an intermediary between a central management system and the edge nodes, facilitating the distribution and installation of updates while minimizing disruptions to ongoing operations. The proxy node includes processing circuitry that handles the update process, including verifying the integrity and authenticity of the update before installation. After the update is installed, the processing circuitry is configured to reboot either the edge node, the proxy node, or both, as needed to ensure the update takes effect properly. This reboot functionality helps maintain system stability and ensures that the updated software is fully operational. The proxy node may also monitor the update process, track the status of installed updates, and report back to the central management system to ensure compliance and security across the distributed network. This approach improves the reliability and security of software updates in edge computing environments.
7. The proxy node of claim 6, wherein the update includes an updated golden image at the proxy node from which the isolated area for the edge node is rebooted.
This invention relates to edge computing systems, specifically addressing the challenge of efficiently managing and updating isolated computing environments at edge nodes. Edge nodes often operate in distributed environments where direct access to centralized resources may be limited or unreliable. The invention provides a proxy node that facilitates updates to isolated areas of an edge node, ensuring consistent and secure operation without disrupting ongoing processes. The proxy node stores a golden image, which is a verified and optimized system image used to reboot isolated areas of the edge node. When an update is required, the proxy node provides an updated golden image to the edge node, allowing the isolated area to reboot with the latest configuration, patches, or software versions. This approach ensures that the edge node operates with the most current and secure system state while maintaining isolation between different computing environments. The proxy node acts as an intermediary, reducing the need for direct updates from a central server and improving reliability in edge computing deployments. The system is particularly useful in scenarios where edge nodes must operate autonomously or with intermittent connectivity to central management systems.
8. The proxy node of claim 1, wherein the processing circuitry is configured to: determine that the update is not installed successfully, and roll back the isolated area for the edge node to original software in place in the isolated area for the edge node prior to the update.
This invention relates to a proxy node in a distributed computing system, specifically for managing software updates in edge computing environments. The problem addressed is ensuring reliable and reversible software updates for edge nodes, which are often resource-constrained and remotely deployed, making manual intervention difficult. The proxy node includes processing circuitry that monitors and controls software updates for connected edge nodes. When an update is initiated, the proxy node isolates the update process to prevent disruptions to the edge node's operations. If the update fails or is otherwise unsuccessful, the processing circuitry automatically detects this condition and triggers a rollback mechanism. The rollback restores the edge node's software to its original state, reverting any changes made during the failed update. This ensures system stability and minimizes downtime. The proxy node may also manage multiple edge nodes, coordinating updates and rollbacks across the network. The system prioritizes reliability by maintaining a backup of the original software configuration, allowing seamless restoration if the update process encounters errors. This approach is particularly useful in environments where edge nodes operate critical functions and cannot afford extended downtime or unstable software states. The invention improves update reliability and reduces the risk of system failures due to unsuccessful software deployments.
9. The proxy node of claim 1, wherein the processing circuitry is configured to: enter a protection mode after determining that an update of the edge node is required, and leave the protection mode when the update is installed successfully.
This invention relates to a proxy node in a network system, specifically addressing the challenge of ensuring seamless operation during updates of edge nodes. The proxy node includes processing circuitry that monitors the status of connected edge nodes and determines when an update is required. Upon detecting the need for an update, the proxy node enters a protection mode to maintain network stability and prevent disruptions. In this mode, the proxy node may temporarily take over tasks or redirect traffic to ensure continuous service while the edge node undergoes the update process. Once the update is successfully installed, the proxy node exits the protection mode, allowing the edge node to resume normal operation. This mechanism ensures that updates do not cause service interruptions, enhancing reliability in distributed network systems. The proxy node may also include additional features, such as communication interfaces for interacting with edge nodes and a control unit for managing the update process. The system is designed to automate the update procedure, reducing manual intervention and minimizing downtime.
10. The proxy node of claim 1, wherein the processing circuitry is configured to: determine whether a communications link exists between the proxy node and the edge node, and if not, create a communications link between edge node application software in the isolated area of the proxy node for the edge node and secure communications software at the edge node.
This invention relates to secure communication systems involving proxy nodes and edge nodes, addressing the challenge of establishing reliable and secure links between these components. The system includes a proxy node with processing circuitry that manages communication with an edge node. The proxy node contains an isolated area for running edge node application software, ensuring security and isolation from other processes. The processing circuitry determines whether a direct communications link exists between the proxy node and the edge node. If no such link exists, the circuitry initiates the creation of a secure communications link. This link connects the edge node application software within the isolated area of the proxy node to secure communications software at the edge node, ensuring encrypted and authenticated data exchange. The system enhances security by isolating sensitive applications and enforcing secure communication protocols, preventing unauthorized access or data breaches. The invention is particularly useful in environments requiring high-security communication between distributed nodes, such as industrial control systems, cloud computing, or IoT networks.
11. The proxy node of claim 10, wherein the communications link includes an encrypted communications channel.
A proxy node is used in a network to facilitate secure communication between a client device and a server. The proxy node acts as an intermediary, receiving requests from the client, forwarding them to the server, and relaying responses back to the client. This setup enhances security, privacy, and performance by masking the client's identity, filtering traffic, and optimizing data transfer. The proxy node includes a communications link that establishes a connection between the client and the server. This link is configured to include an encrypted communications channel, ensuring that data transmitted between the client and server is protected from interception or tampering. Encryption prevents unauthorized parties from accessing sensitive information during transmission, maintaining confidentiality and integrity. The proxy node may also perform additional functions, such as authentication, load balancing, and caching, to improve network efficiency and security. By integrating encryption into the communications link, the proxy node provides a robust solution for secure data exchange in environments where privacy and data protection are critical. This approach is particularly useful in applications like financial transactions, healthcare data exchange, and enterprise communications where security is a priority.
12. The proxy node of claim 1, wherein the memory comprises multiple isolated areas to store edge node application software for multiple edge nodes that permits the proxy node to perform one or more edge node functions for each of the multiple edge nodes.
This invention relates to a proxy node in edge computing systems, addressing the challenge of efficiently managing and executing edge node functions across multiple edge nodes. The proxy node includes a memory with multiple isolated storage areas, each dedicated to storing application software for different edge nodes. This isolation ensures that the software for one edge node does not interfere with another, maintaining security and operational integrity. The proxy node can perform one or more edge node functions on behalf of each edge node, such as data processing, analytics, or communication tasks, reducing the computational load on individual edge nodes. By centralizing these functions, the system improves resource utilization, scalability, and reliability in edge computing environments. The isolated storage areas prevent conflicts between different edge node applications, ensuring that each edge node operates independently while benefiting from shared proxy node resources. This approach enhances the flexibility and efficiency of edge computing deployments, particularly in scenarios where multiple edge nodes need to offload tasks to a centralized proxy node.
13. A non-transitory, computer-readable storage medium comprising computer code which when executed by one or more computers in a proxy node causes the proxy node to perform a method for protecting at least one edge node in a network of nodes, the method comprising: selectively controlling communications with the edge node; determining that an update for the edge node is available; increasing a reboot frequency of the isolated area for the edge node following the determining that an update is required; installing the update for the edge node in an isolated area for the edge node, determining that the update is installed successfully; and decreasing the reboot frequency of the isolated area for the edge node, wherein the isolated area for the edge node is functionally isolated from other isolated areas in the memory.
This invention relates to network security, specifically protecting edge nodes in a distributed network by managing updates in isolated environments. The problem addressed is the vulnerability of edge nodes to security threats during updates, which can disrupt network operations if not handled properly. The solution involves a proxy node that controls communications with an edge node and manages updates in a functionally isolated memory area, separate from other isolated areas. When an update is available, the proxy node increases the reboot frequency of the isolated area to test the update's stability. After successful installation, the reboot frequency is reduced. This approach ensures that updates are applied safely without compromising the edge node's functionality or exposing the network to risks. The isolated area prevents interference with other nodes, maintaining network integrity during the update process. The proxy node's selective communication control further enhances security by limiting exposure during updates. This method is particularly useful in environments where edge nodes require frequent updates but must remain highly available and secure.
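The update sequence recited in claims 1, 8, 9 and 13 can be modelled as a small state machine. The following Python sketch is an added illustration, not code from the patent or its assignee. The class names, the reboot intervals, the SHA-256 check used to decide that an update "installed successfully", and the choice to stay in protection mode after a rollback are all assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass, field

# Assumed values: a higher reboot frequency means a shorter interval.
NORMAL_REBOOT_S = 86_400   # baseline: reboot the area from its golden image daily
UPDATE_REBOOT_S = 3_600    # elevated frequency while an update is pending


@dataclass
class IsolatedArea:
    """One isolated area (VM, container, sandbox, ...) serving one edge node."""
    edge_node: str
    golden_image: bytes
    reboot_interval_s: int = NORMAL_REBOOT_S
    protection_mode: bool = False
    log: list = field(default_factory=list)

    def reboot(self) -> bytes:
        # A reboot discards runtime state and restarts from the golden image.
        self.log.append("reboot")
        return self.golden_image


class ProxyNode:
    def __init__(self):
        self.areas = {}  # edge node name -> IsolatedArea; areas share no state

    def add_edge_node(self, name, image):
        self.areas[name] = IsolatedArea(name, image)

    def apply_update(self, name, new_image, expected_sha256):
        area = self.areas[name]
        original = area.golden_image              # kept for rollback (claim 8)
        area.protection_mode = True               # claim 9: enter protection mode
        area.reboot_interval_s = UPDATE_REBOOT_S  # claim 1: increase reboot frequency
        area.golden_image = new_image             # install into this area only
        booted = area.reboot()                    # claims 6-7: reboot from new image
        ok = hashlib.sha256(booted).hexdigest() == expected_sha256
        if ok:
            area.reboot_interval_s = NORMAL_REBOOT_S  # decrease reboot frequency
            area.protection_mode = False              # leave protection mode
            area.log.append("update-ok")
        else:
            area.golden_image = original          # roll back to the prior software
            area.reboot()
            area.log.append("rolled-back")
            # Assumption: the area stays in protection mode at the elevated
            # reboot frequency until a later update succeeds.
        return ok


def demo():
    """Run one good and one corrupted update on constructed sample images."""
    proxy = ProxyNode()
    proxy.add_edge_node("sensor-1", b"app v1")
    proxy.add_edge_node("actuator-1", b"ctl v1")
    good = b"app v2"
    ok = proxy.apply_update("sensor-1", good, hashlib.sha256(good).hexdigest())
    bad = proxy.apply_update("actuator-1", b"ctl v2 (corrupted)",
                             hashlib.sha256(b"ctl v2").hexdigest())
    return proxy, ok, bad
```

The failed update on the second area leaves the first area untouched, which is the functional isolation the independent claims require.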
July 29, 2019
February 8, 2022